Trusted (risk score 5/100)
Last scan: 1 day ago
git-sync
Manage whitelisted git repositories from chat. Status, log, diff, pull, push with security controls — only approved repos, write commands need confirmation.
A straightforward, well-structured git management script with a proper repo whitelist, read/write command separation, and confirmation guards — no hidden or suspicious behavior detected.
Skill name: git-sync
Analysis time: 33.0s
Engine: pi
Verdict: safe to install
Approve for use. The skill performs exactly as documented: whitelisted git operations with appropriate confirmation guards for write commands.

Security findings: 1

Severity: Low
Finding: Minor doc-code mismatch on merge command (category: documentation deception)
Detail: SKILL.md says merge is blocked/unsafe under 'NOT for:', but the code treats merge as a WRITE_COMMAND (requires --confirm). merge is not blocked outright, only gated. This is a documentation imprecision with no security impact.
Quoted from SKILL.md: "NOT for: arbitrary git repos, destructive operations (clean, reset --hard)."
Recommendation: Update SKILL.md to clarify that merge is a write command requiring --confirm, rather than listing it under 'NOT for' destructive operations.
Location: SKILL.md:4
Resource type        Declared  Inferred  Status        Evidence
File system          READ      READ      ✓ consistent  scripts/git_ctrl.py:58 — reads repo directory via os.path.isdir()
Command execution    WRITE     WRITE     ✓ consistent  scripts/git_ctrl.py:51 — subprocess.run() for git -C <path> <args>
Network access       NONE      NONE                    No network calls found — git fetch/pull/push run locally through the git binary
Environment vars     NONE      NONE                    No os.environ iteration — only os.path.expanduser for hardcoded paths
Skill invocation     NONE      NONE                    No skill invocation detected
Clipboard            NONE      NONE                    No clipboard access
Browser              NONE      NONE                    No browser access
Database             NONE      NONE                    No database access

Directory structure

2 files · 8.3 KB · 240 lines
Python: 1 file · 183 lines    Markdown: 1 file · 57 lines
├─ 📁 scripts
│ └─ 🐍 git_ctrl.py Python 183L · 6.7 KB
└─ 📝 SKILL.md Markdown 57L · 1.6 KB

Security highlights

✓ Repo whitelist is enforced: only thesis and polito repos are accessible
✓ Write commands (pull, push, checkout, reset, merge, rebase) require explicit --confirm flag
✓ subprocess.run() uses argument list (no shell=True), preventing command injection
✓ No credential harvesting or environment variable iteration for secrets
✓ No network requests to external IPs — all git operations go through the local git binary
✓ No obfuscation techniques (base64, eval, encoded strings)
✓ No data exfiltration — output is printed to stdout, not sent anywhere
✓ SKILL.md accurately describes the tool's purpose, triggers, and security model
✓ Timeout protection (30s default, 60s for fetch/pull/push) prevents runaway processes
✓ Command choices are properly validated against READ_COMMANDS and WRITE_COMMANDS sets